Cyber criminals are constantly looking for opportunities to infect legitimate websites with malware. They can use infected websites to cryptomine, steal data, hijack systems, deface pages, and do other damage to harm a company’s reputation and impact their users. This can result in lost revenue, and regulatory fines, and potentially drive customers away.

SiteLock researchers recently reported that a website is attacked on average almost 60 times per day, and that 1% of all websites — about 19 million globally — carry malware at any point in time. Those often include websites from large, well-known companies. For example, Newegg, British Airways and Ticketmaster all recently fell prey to the Magecart credit card skimming malware.

It’s clear that anti-virus software, firewalls, and other prevention tools are not enough to defend against the steady stream of ever-evolving malware. Even if a company’s website is secure from external attackers, this does not mean the website is safe from infection from third-party content providers or advertising used on the website.

Firewalls aren’t infallible, and neither are AV products. Perhaps most frustrating of all is that despite years of awareness training, employees still inadvertently click on malicious links and attachments, John Delaroderie, a Qualys Security Solutions Architect, said recently at Microsoft Ignite 2018.

“That’s why you need a superhero sidekick on your team — to find this malware, root it out at the source, and keep your website safe,” he said.